People's reaction to this is just stupid.
Posted Nov 19, 2009 23:17 UTC (Thu) by drag
In reply to: People's reaction to this is just stupid.
Parent article: Fedora 12 lets unprivileged users install packages
Your assumption that the ability to run 'sudo yum update' implies the
ability to run 'sudo ls' or 'sudo sh' is incorrect. (Just because Ubuntu
sets it up that way doesn't mean it's the only way, or even a particularly
My assumption is based on the reality of what is a seems to be a acceptable
default configuration for distros. The 'status quo', so to say. If you can
lock down sudo then I can change whatever I want with package
kit and it is impossible to make a good comparison.
At least sudo can be configured to ask you for a password (at intervals or
every time), and as it's setuid it's relatively hard for an attacker
running as the user to spy on the user's keystrokes as he types it in. So
elevation to the user does not necessarily mean you can get to root that
The usual default configuration is to allow sudo access by prompting for a
password. This is what I am talking about. And it allows you to re-run sudo
without a password for a period of time. My example exploit depends on this
behavior. If you run sudo from one console then that gives unlimited root
access to any sudo command without prompting for a password for a period of
time for every instance of that user's account.
Of course this is configurable, but remember the dispute is about default
configurations. I am not sure how it is with Fedora, but people don't seem
to have a problem with Ubuntu and I think it's the same.
In any case, the existence of one security hole isn't a reason to allow
another one to continue to exist!
Sure... But you have to realize that the use of things like packagekit and
policykit is to eliminate the need for things like sudo for typical desktop
I am of the opinion that a desktop that does not require running root code
under a user's account as a part of normal everyday activities is superior
to one that does. I am looking forward to the day that a user is able to
perform every common function on the desktop without requiring root access
or running root code under their account and this is a big step in that
direction. No distro should ship with sudo enabled for anything!
Sudo and su should be reserved for administrators and experts. Expecting
normal users to be able to use these things safely is asking too much. And
using gtksudo (and similar things) to run GUI applications entirely as root
under your account is a huge security hole in itself. Probably the thing
should ask for a admin password or something like that, but I think that
asking for a user's password is security theater and asking for a root
password is just a plain bad idea.
to post comments)